mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-24 23:19:39 -05:00
Move READMEs to their own packages
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
parent
aaed8ad1e3
commit
604ed96160
70
README.md
@ -257,73 +257,3 @@ See this example on what the possible settings are and how to setup the constell
|
||||
}
|
||||
}
|
||||
```
|
||||
# constellation-kms-client
|
||||
|
||||
This library provides an interface for the key management services used with constellation.
|
||||
It's intendet for the Constellation CSI Plugins and the CLI.
|
||||
|
||||
## KMS
|
||||
|
||||
The Cloud KMS is where we store our key encryption key (KEK).
|
||||
It should be initiated by the CLI and provided with a key release policy.
|
||||
The CSP Plugin can request to encrypt data encryption keys (DEK) with the DEK to safely store them on persistent memory.
|
||||
The [kms](pkg/kms) package interacts with the Cloud KMS APIs.
|
||||
Currently planned are KMS are:
|
||||
|
||||
* AWS KMS
|
||||
* GCP CKM
|
||||
* Azure Key Vault
|
||||
|
||||
|
||||
## Storage
|
||||
|
||||
Storage is where the CSI Plugin stores the encrypted DEKs.
|
||||
Currently planned are:
|
||||
|
||||
* AWS S3, SSP
|
||||
* GCP GCS
|
||||
* Azure Blob
|
||||
# constellation-images
|
||||
# constellation-mount-utils
|
||||
Wrapper for https://github.com/kubernetes/mount-utils
|
||||
|
||||
|
||||
## Dependencies
|
||||
|
||||
This package uses the C library [`libcryptsetup`](https://gitlab.com/cryptsetup/cryptsetup/) for device mapping.
|
||||
|
||||
To install the required dependencies on Ubuntu run:
|
||||
```shell
|
||||
sudo apt install libcryptsetup-dev
|
||||
```
|
||||
|
||||
To install or upgrade `go.mod` dependencies from private repositories run:
|
||||
```
|
||||
GOPRIVATE=github.com/edgelesssys/constellation-coordinator go get github.com/edgelesssys/constellation-coordinator
|
||||
GOPRIVATE=github.com/edgelesssys/constellation-kms-client go get github.com/edgelesssys/constellation-kms-client
|
||||
```
|
||||
|
||||
## Testing
|
||||
|
||||
A small test programm is available in `test/main.go`.
|
||||
To build the programm run:
|
||||
```shell
|
||||
go build -o test/crypt ./test/
|
||||
```
|
||||
|
||||
Create a new crypt device for `/dev/sdX` and map it to `/dev/mapper/volume01`:
|
||||
```shell
|
||||
sudo test/crypt -source /dev/sdX -target volume01 -v 4
|
||||
```
|
||||
|
||||
You can now interact with the mapped volume as if it was an unformatted device:
|
||||
```shell
|
||||
sudo mkfs.ext4 /dev/mapper/volume01
|
||||
sudo mount /dev/mapper/volume01 /mnt/volume01
|
||||
```
|
||||
|
||||
Close the mapped volume:
|
||||
```shell
|
||||
sudo umount /mnt/volume01
|
||||
sudo test/crypt -c -target volume01 -v 4
|
||||
```
|
||||
|
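Review bot: The removed block that begins "To install or upgrade `go.mod` dependencies from private repositories run:" (the two `GOPRIVATE=... go get` lines) has no counterpart in the README hunks added later in this commit, and neither does the `# constellation-images` heading. If those instructions are obsolete, say so in the commit message, since the subject line only describes a move; otherwise carry them into the README of the package that still needs them.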
@ -1,3 +1,30 @@
|
||||
# constellation-kms-client
|
||||
|
||||
This library provides an interface for the key management services used with constellation.
|
||||
It's intendet for the Constellation CSI Plugins and the CLI.
|
||||
|
||||
## KMS
|
||||
|
||||
The Cloud KMS is where we store our key encryption key (KEK).
|
||||
It should be initiated by the CLI and provided with a key release policy.
|
||||
The CSP Plugin can request to encrypt data encryption keys (DEK) with the DEK to safely store them on persistent memory.
|
||||
The [kms](pkg/kms) package interacts with the Cloud KMS APIs.
|
||||
Currently planned are KMS are:
|
||||
|
||||
* AWS KMS
|
||||
* GCP CKM
|
||||
* Azure Key Vault
|
||||
|
||||
|
||||
## Storage
|
||||
|
||||
Storage is where the CSI Plugin stores the encrypted DEKs.
|
||||
Currently planned are:
|
||||
|
||||
* AWS S3, SSP
|
||||
* GCP GCS
|
||||
* Azure Blob
|
||||
|
||||
# Credentials
|
||||
|
||||
Each Plugin requires credentials to authenticate itself to a CSP.
|
||||
|
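Review bot: In the KMS section, "encrypt data encryption keys (DEK) with the DEK" looks like a typo for KEK, given that the sentence two lines earlier says the Cloud KMS stores the key encryption key. Since the text is being moved anyway, correct it to "with the KEK" so the key hierarchy reads unambiguously. The same pass could fix "intendet", the doubled verb in "Currently planned are KMS are:", and the switch between "CSP Plugin" and "CSI Plugin"; `# Credentials` is also a level-1 heading while its sibling sections (`## KMS`, `## Storage`) are level 2.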
36
mount/README.md
Normal file
@ -0,0 +1,36 @@
|
||||
# constellation-mount-utils
|
||||
|
||||
## Dependencies
|
||||
|
||||
This package uses the C library [`libcryptsetup`](https://gitlab.com/cryptsetup/cryptsetup/) for device mapping.
|
||||
|
||||
To install the required dependencies on Ubuntu run:
|
||||
```shell
|
||||
sudo apt install libcryptsetup-dev
|
||||
```
|
||||
|
||||
|
||||
## Testing
|
||||
|
||||
A small test programm is available in `test/main.go`.
|
||||
To build the programm run:
|
||||
```shell
|
||||
go build -o test/crypt ./test/
|
||||
```
|
||||
|
||||
Create a new crypt device for `/dev/sdX` and map it to `/dev/mapper/volume01`:
|
||||
```shell
|
||||
sudo test/crypt -source /dev/sdX -target volume01 -v 4
|
||||
```
|
||||
|
||||
You can now interact with the mapped volume as if it was an unformatted device:
|
||||
```shell
|
||||
sudo mkfs.ext4 /dev/mapper/volume01
|
||||
sudo mount /dev/mapper/volume01 /mnt/volume01
|
||||
```
|
||||
|
||||
Close the mapped volume:
|
||||
```shell
|
||||
sudo umount /mnt/volume01
|
||||
sudo test/crypt -c -target volume01 -v 4
|
||||
```
|
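Review bot: In the Testing section, `sudo mount /dev/mapper/volume01 /mnt/volume01` assumes the mount point already exists, so the walkthrough fails on a clean machine; add a `sudo mkdir -p /mnt/volume01` step before it. It is also worth stating next to the `-source /dev/sdX` command that the device is set up as a new crypt device and then formatted with `mkfs.ext4`, so it should be a scratch disk. Compared with the section removed from the root README, the line "Wrapper for https://github.com/kubernetes/mount-utils" is no longer present, which leaves the new file without any description of what the package is, and the "programm" spelling is carried over twice.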